Virus Types
The majority of viruses fall into four main classes:
- Boot sector
- File infector
- Multi-partite
- Macro viruses
Boot Sector Viruses
Until the mid-1990s, boot sector viruses were the most prevalent virus type, spreading primarily in the 16-bit DOS world via floppy disk. Boot sector viruses infect the boot sector on a floppy disk and spread to a user’s hard disk, and can also infect the master boot record (MBR) on a user’s hard drive. Once the MBR or boot sector on the hard drive is infected, the virus attempts to infect the boot sector of every floppy disk that is inserted into the computer and accessed.
Boot sector viruses work like this: the virus hides on the first sector of a disk, so it is loaded into memory before the system files are loaded. This allows it to gain complete control of DOS interrupts so that it can spread and cause damage.
These viruses often replace the original contents of the MBR or DOS boot sector with their own contents and move the original sector to another area on the disk. A boot sector virus can be cleaned up by booting the machine from an uninfected floppy system disk rather than from the hard drive, or by finding the original boot sector and replacing it in the correct location on the disk.
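
As an added example (not part of the original article), the following Python check shows how the behaviour described above can be detected in a raw disk image: it parses sector 0 as an MBR, compares its boot code against a known-good hash, and scans nearby sectors for the displaced original. The function names, the baseline hash recorded in advance and the sample images are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446  # boot code; the partition table and 0x55AA signature follow

def code_hash(sector: bytes) -> str:
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, used partition entries and signature check."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[BOOT_CODE_LEN + 16 * i:BOOT_CODE_LEN + 16 * (i + 1)]
        lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 means the slot is unused
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba": lba, "sectors": count})
    return {"code_sha256": code_hash(sector), "partitions": parts,
            "valid_signature": sector[510:512] == b"\x55\xaa"}

def check_image(image: bytes, baseline_sha256: str, scan_sectors: int = 64) -> dict:
    """Flag a changed sector 0 and search nearby sectors for the displaced original."""
    report = parse_mbr(image[:SECTOR])
    report["modified"] = report["code_sha256"] != baseline_sha256
    report["original_at_sector"] = None
    if report["modified"]:
        for n in range(1, min(scan_sectors, len(image) // SECTOR)):
            if code_hash(image[n * SECTOR:(n + 1) * SECTOR]) == baseline_sha256:
                report["original_at_sector"] = n
                break
    return report

def sample_mbr(fill: int) -> bytes:
    """Constructed test sector: filler 'code', one FAT16 entry, valid signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x06, b"\x00\x3f\x20", 63, 20480)
    return bytes([fill]) * BOOT_CODE_LEN + entry + bytes(48) + b"\x55\xaa"

# Constructed images: a clean disk, and one whose sector 0 was overwritten
# with the original sector parked at sector 7 (filler bytes, not real code).
CLEAN = sample_mbr(0x90) + bytes(SECTOR * 15)
ALTERED = sample_mbr(0xCC) + bytes(SECTOR * 6) + sample_mbr(0x90) + bytes(SECTOR * 8)
BASELINE = code_hash(CLEAN)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("altered", ALTERED)):
        r = check_image(img, BASELINE)
        print(name, "modified:", r["modified"], "original at:", r["original_at_sector"])
```

The sector number reported for the displaced original is the input the second cleanup method above needs: it identifies which sector to copy back to sector 0.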
File Infecting Viruses
File infectors, also known as parasitic viruses, operate in memory and usually infect executable files with the following extensions: *.COM, *.EXE, *.DRV, *.DLL, *.BIN, *.OVL, *.SYS. They activate every time the infected file is executed, copying themselves into other executable files, and can remain in memory long after the virus has activated.
Thousands of different file infecting viruses exist, but, as with boot sector viruses, the vast majority operate in a DOS 16-bit environment. Some, however, have successfully infected the Microsoft Windows, IBM OS/2, and Apple Computer Macintosh environments.
Multi-Partite Viruses
Multi-partite viruses have characteristics of both boot sector viruses and file infecting viruses.
Macro Viruses
Macro viruses currently account for about 80 percent of all viruses, according to the International Computer Security Association, and are the fastest growing viruses in computer history. Unlike other virus types, macro viruses aren’t specific to an operating system and spread with ease via email attachments, floppy disks, Web downloads, file transfers, and cooperative applications.
Macro viruses are, however, application-specific. They infect macro utilities that accompany such applications as Microsoft Word and Excel, which means a Word macro virus cannot infect an Excel document and vice versa. Instead, macro viruses travel between data files in the application and can eventually infect hundreds of files if undeterred.
Macro viruses are written in "every man’s programming language" – Visual Basic – and are relatively easy to create. They can infect at different points during a file’s use, for example, when it is opened, saved, closed, or deleted.